@@ -1612,7 +1612,7 @@ Security features are accessible to users with disabilities:
Accessibility requirements do not compromise security effectiveness, but security features should not exclude users with disabilities from safe browser usage.
# 5 Browser-Specific Risk Factors
# 5 Technical requirements for web browsers
This clause defines security requirements using a capability-conditions framework that accommodates the diversity of browser implementations and deployment contexts. Each clause identifies a capability that a browser may possess, such as extension support, encryption implementation, or diagnostic logging. Capabilities represent functional areas where browsers exhibit meaningful variation and where security requirements are to be calibrated to the specific implementation choices made by the manufacturer. Each capability is then modified by conditions that represent distinct implementation configurations or operational modes. Conditions are numbered from the most restrictive (typically 0) to the most permissive or feature-rich. For example, a browser's extension system may operate under conditions ranging from "no extension support" through "curated store only" to "unrestricted installation." A browser that does not implement a capability at all may declare the null condition where defined. The requirements applicable to a browser are determined by the combination of capabilities it implements and the conditions under which each capability operates. Manufacturers shall:
1. Identify which capabilities their browser implements.
